Add option to only use wheels?

[chriskuehl]

We'd like to ensure our services only ever use wheels during installation (for speedy installs, and also to avoid having to install dev headers and such). We have a script called check-all-wheels which can be used to confirm this, but it's too slow to be used as part of regular tests, so it's easy to regress and not notice it.

An option to make venv-update not consider non-wheels would fix that. This shouldn't be the default since it is basically incompatible with the public registry.

One concern is that you might get inconsistent behavior if you already have built wheels in your cache vs. if you have to go out the PyPI. Not sure if there's a clever way to solve that without always reaching out to PyPI (maybe given that we now cache things per index server?).

[asottile]

Additional metadata would need to be stored at installation time whether a specific wheel was downloaded or not

[bukzor]

I think --only-binary :all: is the behavior you're asking for. https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-only-binary

I can't think of a simple way to to solve the wheeled-from-source reproducibility problem.
I think the cache is arranged by pypi server no?
We could file the built-here wheels under a magic :localhost: pypi server name, allowing us to control it by enabling or disabling that magic name... Maybe.

[chriskuehl]

We're using --only-binary :all: a lot internally now which works pretty well. It is vulnerable to using wheels that were built by pip in an earlier invocation (rather than downloaded from PyPI) but I'm not sure if that's really worth solving in venv-update.

[asottile]

👍 good enough for me